EAR classloading
by Angel Todorov
Hi All,
Our company is evaluating JBoss as an application server choice for
our current applications to be deployed on. I have two questions
regarding the structure of the EAR in JBOSS with respect to class
loading.
According to the J2EE 1.4 specification, one can put utility jars in
the EAR, which are visible to all wars and EJB modules that make up
the enterprise application. I am trying to do that with JBoss, but get
ClassNotFoundExceptions. If I put all jars in the WAR that needs them,
all classes are loaded properly.
My second question is regarding class loader isolation in the EAR
scope. Suppose I have some enterprise application and several webapps
in it. At some point they both require the same libraries (jars), but
one of the webapps wants to use a specific version of some jar only
for itself. If I have some X.jar as a utility jar visible to two WARs,
and WAR 1 has another version of X.jar in its own lib directory, which
classes will be loaded first when the respective class in the webapp 1
requests them - the ones in its own lib directory, or the shared ones?
Thank you very much for the feedback.
Best Regards,
Angel
19 years, 2 months
[JBoss Seam] - Re: Security Remember Me Functionality
by christian.bauer@jboss.com
Furthermore: Today, clients can fill out login-forms automatically. It is a much safer approach:
a) the user decides when he wants to store sensitive information on the client (e.g. not on a browser in some internet cafe)
b) the user has a clear warning and a message (Do you want to store that login information?) that he has seen before, not some obscure Remember Me checkbox with an unknown implementation he can't control
c) the user can apply local measures to improve security, for example, my remembered login form data is stored in a master-password protected wallet (Safari + OS X)
d) it's much harder for attackers to abuse this functionality for phishing, you'd need DNS spoofing to get the victim to a malicious webpage with a faked domain, so that the client auto-fills the attacker's form
Having said that, we might add the "trusted client" Remember Me to Seam, but only with big red warning lights.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018118#4018118
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018118
19 years, 2 months
[JBoss Seam] - Re: Security Remember Me Functionality
by christian.bauer@jboss.com
From a security perspective, this is not a good idea. I can steal your username and password from the cookie with a bit of JavaScript. The only requirement for that is that somewhere in the web application, user input is printed on the webpage unfiltered (e.g. on a registration screen, there is a "The address $email is not valid." error message and $email comes from a form field.)
I make you click on a link I prepared and redirect you with a POST and some malicious payload to the vulnerable registration form. My POST enters JavaScript code into the form that gets then printed onto the webpage in the error message. In that JavaScript, I read your cookie and send it to my server.
This is known as cross-site scripting and there are many variations. Short story: Do not trust the client, do not store sensitive information on the client.
The best "Remember Me" feature is something similar to what Amazon is using: A username cookie is stored on the client, and the web application welcomes the user with his real name and also shows the remembered shopping basket. However, any sensitive operation (editing the shopping basket, buying stuff) requires re-authentication. This combined with an application audit for XSS holes is a good strategy.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018114#4018114
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018114
19 years, 2 months
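An added illustration of the post above, not code from the original post or from Seam: the unfiltered error message next to an HTML-encoded one, plus a remembered-user cookie that carries only a name and a check that sensitive operations still need a password login. The class, method and cookie names are hypothetical, the inputs are constructed, and Java 10 or later is assumed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class RememberMeExample {
    // Encode the characters that let text break out of HTML content or a quoted attribute.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // The pattern the post warns about: form input printed unfiltered.
    static String errorUnfiltered(String email) {
        return "<p>The address " + email + " is not valid.</p>";
    }

    // The same message with the input encoded for HTML output.
    static String errorEncoded(String email) {
        return "<p>The address " + escapeHtml(email) + " is not valid.</p>";
    }

    // Cookie holds a user name only, never a password; HttpOnly hides it from page script.
    static String rememberMeHeader(String username) {
        return "Set-Cookie: remembered_user="
                + URLEncoder.encode(username, StandardCharsets.UTF_8)
                + "; Max-Age=2592000; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    // Remembered users are greeted; sensitive operations need a password-authenticated session.
    static boolean allowed(boolean sensitive, boolean remembered, boolean loggedIn) {
        return sensitive ? loggedIn : (remembered || loggedIn);
    }

    public static void main(String[] args) {
        String input = "<script>/* constructed test input */</script>";
        System.out.println(errorUnfiltered(input)); // markup reaches the page as markup
        System.out.println(errorEncoded(input));    // markup reaches the page as text
        System.out.println(rememberMeHeader("alice smith"));
        System.out.println("show basket, remembered only: " + allowed(false, true, false));
        System.out.println("buy, remembered only: " + allowed(true, true, false));
    }
}
```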
[JBossWS] - Re: Can not javax.xml.bind.JAXBContext in which jar file.
by rlamie
Thomas,
After checking out a fresh copy of the 1.2.0 branch, I tried to run the release target.
Several points :
1/ Ant.properties
# Optional JBoss Home
#jboss50.home=/home/tdiesler/svn/jbossas/trunk/build/output/jboss-5.0.0.Beta2
#jboss42.home=/home/tdiesler/svn/jbossas/branches/Branch_4_2/build/output/jboss-4.2.0.CR1-ejb3
#jboss40.home=/home/tdiesler/svn/jbossas/branches/Branch_4_0/build/output/jboss-4.0.5.SP1-ejb3
Actually not very optional, you have to define each jbossX.home, no way to define only 1 integration point.
2/ build-setup.xml
Obviously links to jbossX.thirdparty are rather personal :-)
After that, it's ok.
Just another big point, when I try , I got the following error :
Could not load provider:org.jboss.ws.tools.jaxws.impl.WSContractConsumerFactoryImpl
I searched the implementation class and found nothing in the source... missed something ?
Thank you.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018104#4018104
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018104
19 years, 2 months